SQL Injection and the “Flintstones/Jetsons” Way to Deal with Licence Plate Cameras

SQL Injection and the “Flintstones/Jetsons” Way to Deal with Licence Plate Cameras

“Flintstones/Jetsons” is a term that Mark Mothersbaugh from Devo uses to describe technology solutions that are a combination of low- and high-tech. It’s probably an apt term for what the driver of the Renault in the photo above is doing to foil licence plate cameras. If the “Jetsons” part – the SQL injection attack comprising the text on the banner on the bumper – doesn’t work, the “Flintstones” approach of physically covering up the licence plate will.

SQL Injection-a-Rama

No quick tour of SQL injection is complete without mentioning this classic XKCD comic, Exploits of a Mom. If you’ve ever heard someone use the phrase “Little Bobby Tables” when talking about databases and security, here’s where it comes from:

Want a good introduction to SQL injection attacks? Start with SQL Injection Attacks by Example at Steve Friedl’s Unixwiz.net Tech Tips. It walks you through the steps of an SQL injection attack, where a cracker (note that I said “cracker” – there are hackers and crackers, and there’s a difference) uses a combination of deductive reasoning and unexpected, unsanitized input to get unintended results from the database.